<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 4.2.0">
  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">


<link rel="stylesheet" href="/lib/font-awesome/css/font-awesome.min.css">

<script id="hexo-configurations">
    var NexT = window.NexT || {};
    var CONFIG = {"hostname":"yoursite.com","root":"/","scheme":"Muse","version":"7.7.1","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12,"onmobile":false},"copycode":{"enable":false,"show_result":false,"style":null},"back2top":{"enable":true,"sidebar":false,"scrollpercent":false},"bookmark":{"enable":false,"color":"#222","save":"auto"},"fancybox":false,"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"algolia":{"hits":{"per_page":10},"labels":{"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}},"localsearch":{"enable":false,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false},"motion":{"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}}};
  </script>

  <meta name="description" content="title：压缩包隐写 date：2020-4-7 压缩包隐写含义  常见压缩包格式分析 对于zip文件格式，50 4B 05 06 是文件尾区域的开头标志，文件尾这一共占22个字节的长度，例： zip的三种加密状态 zip有数据区和目录区的区分，只有两个区的全局方式标记位都处在加密位的时候，它才是真加密状态 看图中第一段，50 4B 03 04是数据区的开头，后面的两个字节14 00是解压文件所">
<meta property="og:type" content="article">
<meta property="og:title" content="压缩包隐写">
<meta property="og:url" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/index.html">
<meta property="og:site_name" content="tender healer">
<meta property="og:description" content="title：压缩包隐写 date：2020-4-7 压缩包隐写含义  常见压缩包格式分析 对于zip文件格式，50 4B 05 06 是文件尾区域的开头标志，文件尾这一共占22个字节的长度，例： zip的三种加密状态 zip有数据区和目录区的区分，只有两个区的全局方式标记位都处在加密位的时候，它才是真加密状态 看图中第一段，50 4B 03 04是数据区的开头，后面的两个字节14 00是解压文件所">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407215527459.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407215727887.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407220141049.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200416234341230.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407220303933.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407222725743.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409214510494.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409215511729.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409220448928.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409220600861.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409221516817.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409221639113.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409221912116.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409222144404.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409222516460.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409222748681.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411200952836-1586610277529.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411205239075.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411205559924.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411205707502.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411210759473.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411210947358.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411212207817.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411212627688.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411212606818.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411214227742.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411214639055.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411214731774.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411215746900.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411220050352.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411220133595.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411220352418.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411222354811.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411222502471.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411222637165.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411223029477.png">
<meta property="og:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411223254723.png">
<meta property="article:published_time" content="2020-04-07T14:28:00.943Z">
<meta property="article:modified_time" content="2020-04-16T15:44:26.409Z">
<meta property="article:author" content="YQ Cong">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407215527459.png">

<link rel="canonical" href="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome: false,
    isPost: true
  };
</script>

  <title>压缩包隐写 | tender healer</title>
  






  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage">
  <div class="container use-motion">
    <div class="headband"></div>

    <header class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">
  <div class="site-meta">

    <div>
      <a href="/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">tender healer</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
        <p class="site-subtitle">Recording learning gains</p>
  </div>

  <div class="site-nav-toggle">
    <div class="toggle" aria-label="切换导航栏">
      <span class="toggle-line toggle-line-first"></span>
      <span class="toggle-line toggle-line-middle"></span>
      <span class="toggle-line toggle-line-last"></span>
    </div>
  </div>
</div>


<nav class="site-nav">
  
  <ul id="menu" class="menu">
        <li class="menu-item menu-item-home">

    <a href="/" rel="section"><i class="fa fa-fw fa-home"></i>首页</a>

  </li>
        <li class="menu-item menu-item-archives">

    <a href="/archives/" rel="section"><i class="fa fa-fw fa-archive"></i>归档</a>

  </li>
  </ul>

</nav>
</div>
    </header>

    
  <div class="back-to-top">
    <i class="fa fa-arrow-up"></i>
    <span>0%</span>
  </div>


    <main class="main">
      <div class="main-inner">
        <div class="content-wrap">
          

          <div class="content">
            

  <div class="posts-expand">
      
  
  
  <article itemscope itemtype="http://schema.org/Article" class="post-block " lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="http://yoursite.com/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="/images/avatar.gif">
      <meta itemprop="name" content="YQ Cong">
      <meta itemprop="description" content="">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="tender healer">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          压缩包隐写
        </h1>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              <time title="创建时间：2020-04-07 22:28:00" itemprop="dateCreated datePublished" datetime="2020-04-07T22:28:00+08:00">2020-04-07</time>
            </span>
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2020-04-16 23:44:26" itemprop="dateModified" datetime="2020-04-16T23:44:26+08:00">2020-04-16</time>
              </span>

          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <p>title：压缩包隐写</p>
<p>date：2020-4-7</p>
<h1 id="压缩包隐写含义"><a href="#压缩包隐写含义" class="headerlink" title="压缩包隐写含义"></a>压缩包隐写含义</h1><p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407215527459.png" alt="image-20200407215527459"></p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407215727887.png" alt="image-20200407215727887"></p>
<h1 id="常见压缩包格式分析"><a href="#常见压缩包格式分析" class="headerlink" title="常见压缩包格式分析"></a>常见压缩包格式分析</h1><p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407220141049.png" alt="image-20200407220141049"></p>
<p>对于zip文件格式，50 4B 05 06 是文件尾区域的开头标志，文件尾这一共占22个字节的长度，例：<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200416234341230.png" alt="image-20200416234341230"></p>
<h1 id="zip的三种加密状态"><a href="#zip的三种加密状态" class="headerlink" title="zip的三种加密状态"></a>zip的三种加密状态</h1><p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407220303933.png" alt="image-20200407220303933"></p>
<p>zip有数据区和目录区的区分，只有两个区的全局方式标记位都处在加密位的时候，它才是真加密状态</p>
<p>看图中第一段，50 4B 03 04是<strong>数据区</strong>的开头，后面的两个字节14 00是解压文件所需要的版本标志，再往后两个字节是数据区的一个加密的标记位；往后看黄色部分，50 4B 01 02这部分是另一个区，为<strong>目录区</strong>，50 4B 01 02是目录区的开头，再向后两个字节1F 00表示的是<strong>压缩文件所使用的版本</strong>，再往后的14 00表示的是<strong>解压文件所需要的版本</strong>，再往后的两个字节00 00表示的是目录区的<strong>加密标志位</strong></p>
<p>只有当数据区和目录区的加密标志位都处在00 00的时候，表示zip压缩文件处在没有加密的状态。</p>
<p>当数据区的加密标志位为00 00，目录区的加密标志位为09 00时，表示zip压缩文件处在<strong>伪加密状态</strong>（意思就是没有对文件设置密码，但是解压文件时还是会弹出一个对话框要求输入密码，这样就实现了伪加密的操作，对于这种文件可以查看一下它的文件格式，如果符合伪加密的特点，可直接把目录区的加密标志改回00 00，这样重新解压时，就不会要求输入密码了，就相当于实现了一个解密操作）</p>
<p>而如果数据区和目录区的加密标志位都处在09 00时，表示真加密状态，也就是说压缩包时确实设置了密码</p>
<p>这里不是说一定要设置成09 00，只要9所在位置是奇数位，就表示处在加密状态（比如01 00和09 00表达的含义都是相同的），偶数位的话就表示没有处在加密状态（比如02 00和00 00表达的含义都是相同的）</p>
<h1 id="CTF压缩包隐写考点分析"><a href="#CTF压缩包隐写考点分析" class="headerlink" title="CTF压缩包隐写考点分析"></a>CTF压缩包隐写考点分析</h1><h2 id="示例一：压缩包-图片"><a href="#示例一：压缩包-图片" class="headerlink" title="示例一：压缩包+图片"></a>示例一：压缩包+图片</h2><p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200407222725743.png" alt="image-20200407222725743"></p>
<p>（利了通过文件头、文件尾来区分文件的特点，把需要提取的文件它自己那段十六进制数据提取出来，保存成独立的文件，实现文件的分离操作）</p>
<p>这种隐藏为相互的，可互相包含对方，分析文件时，要对文件的格式，尤其是文件头、文件尾进行检查</p>
<h2 id="示例二：压缩包加密"><a href="#示例二：压缩包加密" class="headerlink" title="示例二：压缩包加密"></a>示例二：压缩包加密</h2><p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409214510494.png" alt="image-20200409214510494"></p>
<p>伪加密是可以用winhex打开压缩包，将加密的标志位修改成偶数即可。</p>
<p>压缩包设置密码操作：</p>
<p>​     右击新建一个文本文档，然后选中这个新建的文本文档，右击&gt;</p>
<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409215511729.png" alt="image-20200409215511729" style="zoom:50%;">

<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409220448928.png" alt="image-20200409220448928" style="zoom:50%;">

<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409220600861.png" alt="image-20200409220600861" style="zoom: 67%;">

<p>然后点击确定，就生成了一个压缩包</p>
<p>这里爆破可选择ARPR或<strong>archpr</strong>一类的工具进行爆破</p>
<p> <img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409221516817.png" alt="image-20200409221516817">点开工具，导入刚才的那个压缩文件<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409221639113.png" alt="image-20200409221639113" style="zoom:50%;"></p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409221912116.png" alt="image-20200409221912116" style="zoom:67%;">如图所示爆破出密码成功</p>
<p>注：<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409222144404.png" alt="image-20200409222144404" style="zoom:67%;">刚才爆破勾选的是这个0-9的纯数字，如果勾选ASCII码的话像大写的A-Z或小写的a-z以及其他一些符号的话，爆破区间会更大，爆破速度也会相应降低</p>
<p>如果题目有规定长度的一些限制的话，可在长度这里对它进行更精确的设置，这样的话爆破的速度会更快一些。</p>
<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409222516460.png" alt="image-20200409222516460" style="zoom:67%;">

<h2 id="示例三：CRC32碰撞"><a href="#示例三：CRC32碰撞" class="headerlink" title="示例三：CRC32碰撞"></a>示例三：CRC32碰撞</h2><p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200409222748681.png" alt="image-20200409222748681"></p>
<p>（看上面右图，被加密文件可以显示出CRC32值，是文件加密之前的CRC32值）</p>
<p>解法：比如写个python脚本，来碰撞出对应字符，它的CRC32如果和被加密文件它的CRC32值一样的话，就相当于将文档中内容碰撞出来，这个时候虽然还是不知道加密密码，但是已经可以读到当中的内容了，也相当于是进行了一个解密操作。</p>
<p>比如：</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411200952836-1586610277529.png" alt="image-20200411200952836"></p>
<p>（以下面那个为例）</p>
<p>可以写个脚本：先导入binascii库，将CRC32的值设置为需要碰撞的值，这里为：DBF9C8F7</p>
<p>这里已经知道其长度为4为，并且为数字型，可在1000~10000这个范围内进行一个爆破（1000，10000）：这里相当于爆破了从1000，一直到9999结束所有四位数数字</p>
<p>然后进行一个判断，这里调用了crc32，这个判断的意思是如果这个区间的某个数字的CRC32的值和要碰撞的值相同的话，就将它打印出来</p>
<p>实际上还要将生成的CRC32的值进行一个异或操作，因为在python2版本中binascii.crc32它所计算出来的crc的值域是负的2的31次方<del>正的2的31次方减1，它的计算结果是这个值域中的一个有符号整数。为了和crc做一个对比，还需将生成的crc32的值转化为无符号整数，所以还需对它进行一个十六进制的<strong>和十六进制的8个f（即：&amp;0xffffffff)</strong>对它进行一个异或操作来进行一个转换。如果是在python3中，binascii.crc32它的计算结果是0</del>2的32次方减1之间的一个无符号整数，此时就不需要做一个额外的异或操作了</p>
<p>（本讲解人在他的kali下安装的是python2版本，所以需要做个异或操作）</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411205239075.png" alt="image-20200411205239075"></p>
<p>（在竖线这里加异或操作）加完如下：</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411205559924.png" alt="image-20200411205559924"></p>
<p>完整脚本书写如下：</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411205707502.png" alt="image-20200411205707502"></p>
<p>（exit(0)：中断该程序，表示程序正常退出）</p>
<p>保存脚本</p>
<p>执行脚本，操作如下</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411210759473.png" alt="image-20200411210759473"></p>
<p>以上为数字型的操作。</p>
<p>如果为字符型的，即以压缩包中上面那个文件为例：</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411210947358.png" alt="image-20200411210947358"></p>
<p>（对字符拼接，分段来爆破）</p>
<p>将这次范围设置为所有的大小写字母，如图： <img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411212207817.png" alt="image-20200411212207817"></p>
<p>将CRC32的值设置为需要碰撞的值，这里为：9CBE9D82</p>
<p>各个位进行分段处理：<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411212627688.png" alt="image-20200411212627688"></p>
<p>之后拼接一下字符串：<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411212606818.png" alt="image-20200411212606818"></p>
<p>然后进行判断（本身就是字符型的，所以直接对s进行处理，而没用str（s））</p>
<p>完整脚本书写如下：</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411214227742.png" alt="image-20200411214227742"></p>
<p>保存，执行。</p>
<p>可见也将文档中内容碰撞了出来。</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411214639055.png" alt="image-20200411214639055"></p>
<h2 id="示例四：压缩包已知明文攻击"><a href="#示例四：压缩包已知明文攻击" class="headerlink" title="示例四：压缩包已知明文攻击"></a>示例四：压缩包已知明文攻击</h2><p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411214731774.png" alt="image-20200411214731774"></p>
<p>（题目中除了给出压缩包还给出文件A（A为压缩包中两个文件其中的一个））</p>
<p>用已经有的文件去碰撞另外一个文件</p>
<p>（或者是题目中只给了一个压缩包，但是其中的两个文件中的一个是通过伪加密来加密，这个时候可以通过解除伪加密的方式拿到其中的一个文件，然后再利用这个文件去碰撞另外一个真正加密的文件，通过这种方式来实现已知明文攻击）</p>
<p>例题如下：</p>
<p>给出一个压缩包和一个文件，压缩包打开如图所示，其中的那个和给出的文件名字相同的文件很有可能就是那个给出的文件：</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411215746900.png" alt="image-20200411215746900"></p>
<p>对这个文件同样进行zip压缩：</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411220050352.png" alt="image-20200411220050352" style="zoom:50%;"><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411220133595.png" alt="image-20200411220133595" style="zoom:50%;"></p>
<p>然后打开看一下它的CRC32的值</p>
<p><img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411220352418.png" alt="image-20200411220352418"></p>
<p>和题目中给出的压缩包中的这个文件的CRC32的值是一样的，这样的话就可以用题目中已经给出的文件碰撞出我们想要拿到的那个文件。</p>
<p>这里使用<strong>archpr</strong>工具来进行已知明文攻击。</p>
<p>点击archpr工具</p>
<p>注：在弹出窗口导入压缩文件，选择攻击方式为明文攻击</p>
<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411222354811.png" alt="image-20200411222354811" style="zoom:67%;">

<p>这里选择已经获得的文件的zip文件<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411222502471.png" alt="image-20200411222502471" style="zoom: 50%;"></p>
<p>弹出攻击成功的提示<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411222637165.png" alt="image-20200411222637165" style="zoom:67%;"></p>
<p>发现压缩包加密密码还是没有破解出来，但是我们已经可以获取到我们需要解密的文件的内容了</p>
<p>点击ok，会让我们保存一个新的压缩包：<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411223029477.png" alt="image-20200411223029477" style="zoom:33%;"></p>
<p>在这个压缩包里就可以得到解密的文件了</p>
<p>尝试打开刚才保存的新的压缩包，可以看到这里面的文件已经解密了<img src="/2020/04/07/%E5%8E%8B%E7%BC%A9%E5%8C%85%E9%9A%90%E5%86%99/image-20200411223254723.png" alt="image-20200411223254723" style="zoom:50%;"></p>
<p>打开flag.txt文件，获取到了flag</p>

    </div>

    
    
    

      <footer class="post-footer">

        


        
    <div class="post-nav">
      <div class="post-nav-item">
    <a href="/2020/04/06/python%E6%9C%89%E5%85%B3/" rel="prev" title="python有关">
      <i class="fa fa-chevron-left"></i> python有关
    </a></div>
      <div class="post-nav-item"></div>
    </div>
      </footer>
    
  </article>
  
  
  

  </div>


          </div>
          

<script>
  window.addEventListener('tabs:register', () => {
    let activeClass = CONFIG.comments.activeClass;
    if (CONFIG.comments.storage) {
      activeClass = localStorage.getItem('comments_active') || activeClass;
    }
    if (activeClass) {
      let activeTab = document.querySelector(`a[href="#comment-${activeClass}"]`);
      if (activeTab) {
        activeTab.click();
      }
    }
  });
  if (CONFIG.comments.storage) {
    window.addEventListener('tabs:click', event => {
      if (!event.target.matches('.tabs-comment .tab-content .tab-pane')) return;
      let commentClass = event.target.classList[1];
      localStorage.setItem('comments_active', commentClass);
    });
  }
</script>

        </div>
          
  
  <div class="toggle sidebar-toggle">
    <span class="toggle-line toggle-line-first"></span>
    <span class="toggle-line toggle-line-middle"></span>
    <span class="toggle-line toggle-line-last"></span>
  </div>

  <aside class="sidebar">
    <div class="sidebar-inner">

      <ul class="sidebar-nav motion-element">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <!--noindex-->
      <div class="post-toc-wrap sidebar-panel">
          <div class="post-toc motion-element"><ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#压缩包隐写含义"><span class="nav-number">1.</span> <span class="nav-text">压缩包隐写含义</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#常见压缩包格式分析"><span class="nav-number">2.</span> <span class="nav-text">常见压缩包格式分析</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#zip的三种加密状态"><span class="nav-number">3.</span> <span class="nav-text">zip的三种加密状态</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#CTF压缩包隐写考点分析"><span class="nav-number">4.</span> <span class="nav-text">CTF压缩包隐写考点分析</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#示例一：压缩包-图片"><span class="nav-number">4.1.</span> <span class="nav-text">示例一：压缩包+图片</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#示例二：压缩包加密"><span class="nav-number">4.2.</span> <span class="nav-text">示例二：压缩包加密</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#示例三：CRC32碰撞"><span class="nav-number">4.3.</span> <span class="nav-text">示例三：CRC32碰撞</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#示例四：压缩包已知明文攻击"><span class="nav-number">4.4.</span> <span class="nav-text">示例四：压缩包已知明文攻击</span></a></li></ol></li></ol></div>
      </div>
      <!--/noindex-->

      <div class="site-overview-wrap sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
  <p class="site-author-name" itemprop="name">YQ Cong</p>
  <div class="site-description" itemprop="description"></div>
</div>
<div class="site-state-wrap motion-element">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
          <a href="/archives/">
        
          <span class="site-state-item-count">13</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
  </nav>
</div>



      </div>

    </div>
  </aside>
  <div id="sidebar-dimmer"></div>


      </div>
    </main>

    <footer class="footer">
      <div class="footer-inner">
        

<div class="copyright">
  
  &copy; 
  <span itemprop="copyrightYear">2020</span>
  <span class="with-love">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">YQ Cong</span>
</div>
  <div class="powered-by">由 <a href="https://hexo.io/" class="theme-link" rel="noopener" target="_blank">Hexo</a> 强力驱动 v4.2.0
  </div>
  <span class="post-meta-divider">|</span>
  <div class="theme-info">主题 – <a href="https://muse.theme-next.org/" class="theme-link" rel="noopener" target="_blank">NexT.Muse</a> v7.7.1
  </div>

        








      </div>
    </footer>
  </div>

  
  
  <script color='0,0,255' opacity='0.5' zIndex='-1' count='99' src="/lib/canvas-nest/canvas-nest.min.js"></script>
  <script src="/lib/anime.min.js"></script>
  <script src="/lib/velocity/velocity.min.js"></script>
  <script src="/lib/velocity/velocity.ui.min.js"></script>

<script src="/js/utils.js"></script>

<script src="/js/motion.js"></script>


<script src="/js/schemes/muse.js"></script>


<script src="/js/next-boot.js"></script>




  















  

  

</body>
</html>
